Bonterms-derivative SLA. This Service Level Agreement substantially follows the Bonterms Cloud Service Level Agreement framework. It is incorporated by reference into the Terms of Service and defines ElasticD3M, LLC's Control Plane uptime, incident-response, and Service Credit commitments for Aegis AI™ subscriptions.
1. Scope
This Service Level Agreement ("SLA") applies to the Sentinel, Guardian, Vanguard, Fortress, and Sovereign monthly subscriptions and to the live ai4ciso.ai customer portal. The Multi-Framework Readiness Snapshot is a one-time engagement and is not subject to ongoing SLA commitments; it is covered by the deliverability terms in the Terms of Service and the Cancellation Policy.
2. Definitions
- "Control Plane" means the production Aegis AI™ platform components Customer relies on under its active subscription: (a) the customer portal at app.ai4ciso.ai; (b) the document-generation backend (control matrix, evidence binder, risk register, POA&M, board narrative); (c) the Stripe billing integration; and (d) transactional email delivery via the verified ai4ciso.ai domain.
- "Uptime" means the percentage of total minutes in a calendar month that the Control Plane is materially available to Customer (excluding Scheduled Maintenance and Excused Downtime).
- "Scheduled Maintenance" means maintenance announced at least seventy-two (72) hours in advance, performed during off-peak hours (Tuesday or Saturday 04:00–08:00 U.S. Central time), and not exceeding four (4) hours per occurrence.
- "Excused Downtime" means downtime caused by: (i) Customer's acts or omissions, (ii) failures of Customer's connected systems or networks, (iii) failures of upstream third-party services beyond Provider's reasonable control (e.g., AWS regional outages, Stripe outages, Cloudflare outages, Anthropic outages), or (iv) force majeure events.
- "Service Credit" means a credit applied to Customer's next monthly invoice as compensation for Uptime falling below the commitment.
3. Uptime Commitment
Provider commits to 99.9% monthly Control Plane Uptime across all paid subscription tiers (Sentinel through Sovereign). Uptime is measured per calendar month, in U.S. Central time, excluding Scheduled Maintenance and Excused Downtime.
4. Incident Severities and Response Times
Provider classifies incidents and commits to the following acknowledgment and response times during the support hours applicable to Customer's tier:
| Severity | Definition | Acknowledgment |
|---|---|---|
| P0 | Production-down; Control Plane materially unavailable to a majority of Customers; or confirmed Personal Data Breach affecting Customer. | 15 minutes |
| P1 | Major function impaired; deliverable cycle blocked for Customer; security incident with potential Customer impact. | 1 hour |
| P2 | Partial degradation with workaround available; non-blocking defect in deliverable. | 4 hours |
| P3 | Cosmetic issue, documentation gap, or feature request. | 1 business day |
P0 acknowledgment is round-the-clock. P1 acknowledgment runs 24/7 on Fortress and Sovereign; standard business hours otherwise. P2 and P3 run during U.S. Central business hours (Monday–Friday, 09:00–18:00, excluding U.S. federal holidays). Fortress concierge SLA and Sovereign white-glove escalation are additive to the baseline above.
5. Service Credits
If monthly Control Plane Uptime falls below 99.9%, Customer is eligible for a Service Credit calculated as a percentage of the monthly subscription fee paid for the affected tier:
| Monthly Uptime | Service Credit |
|---|---|
| 99.0% — < 99.9% | 25% of monthly fee |
| 95.0% — < 99.0% | 50% of monthly fee |
| < 95.0% | 100% of monthly fee |
Claim Process. Customer must submit a written Service Credit claim to [email protected] within thirty (30) days after the end of the calendar month in which the SLA miss occurred. Provider will validate the claim within fifteen (15) business days. Approved Service Credits are applied automatically to Customer's next monthly invoice.
6. Incident Communications
For Severity 1 (P0) incidents materially affecting Control Plane availability, Provider commits to:
- Initial customer notification: within one (1) hour of Provider's confirmation of the incident.
- Status updates: at least every two (2) hours during an open P0 incident.
- Post-incident report: a written summary delivered to affected Customers within seven (7) calendar days of resolution, including root cause, customer impact, remediation steps, and prevention measures.
For confirmed Personal Data Breach incidents, the seventy-two (72) hour notification commitment in the DPA applies in addition to this SLA.
7. Scheduled Maintenance
Provider will give Customer at least seventy-two (72) hours' advance notice of any Scheduled Maintenance affecting the production Control Plane. Scheduled Maintenance is performed during off-peak windows (Tuesday or Saturday 04:00–08:00 U.S. Central time) and does not count against monthly Uptime.
8. Exclusions
This SLA does not apply to downtime caused by:
- Customer's acts, omissions, configuration changes, or breaches of the Terms of Service or Acceptable Use Policy.
- Failures of Customer's connected systems (cloud connectors, identity providers, networks).
- Failures of upstream third-party services beyond Provider's reasonable control, including AWS regional outages, Stripe outages, Cloudflare outages, Anthropic outages, Resend outages, DNS failures, internet backbone outages, or denial-of-service attacks beyond reasonable mitigation.
- Beta features or pre-release functionality clearly marked as such.
- Force majeure events as defined in the Terms of Service.
9. Sole Remedy
Service Credits are Customer's sole and exclusive remedy for any failure to meet the Uptime commitment under this SLA. The maximum aggregate Service Credit issued in any calendar month is one hundred percent (100%) of Customer's monthly subscription fee for that month.
10. Termination for Repeated SLA Failure
If Provider fails to meet the 99.9% Uptime target for three (3) consecutive calendar months, Customer may terminate its affected subscription for cause by written notice to Provider, effective at the end of the then-current paid period, and receive a pro-rata refund of any unused prepaid fees for periods beyond the termination date.
11. Contact
Service status, incident reports, or SLA questions: [email protected]
Public status page (when available): status.ai4ciso.ai
Effective Date: May 12, 2026 · Version: 1.0 (Bonterms-derivative)